I need to create/suspend user accounts for the following systems for when our department hires/dismisses employees:
- Bug Tracker (Mantis)
- Email (Google Apps)
- SVN
- Shopping Cart (Magento)
- Terminal/SSH Access (CentOS)
For some reason I have the thought that LDAP is what we're looking for... and we have the ability to drive all of this from Active Directory if need-be.
I don't mind doing a lot of development if necessary; I just need to know if it can, indeed, be done!
LDAP is a good choice for a standard directory that other applications can use for authentication. LDAP itself is just a directory; it does not inherently have features to create/delete accounts in other systems.
That said, some of those other systems may have the ability to use a central LDAP directory as their authentication system (for example, using a pam_ldap authentication module for ssh login to CentOS). Depending on the system, it may be necessary to perform an explicit "create user" operation locally - for example, just adding an account to LDAP will likely not create a user & home directory on CentOS. That's where you'd end up having to do some work if you want a totally automated system.
There are commercial products (e.g. "Oracle Identity Manager") out there that target this exact need, but (a) they're expensive, (b) they're very complex, (c) they're expensive, (d) they'd require significant customization to support your precise set of target systems, and (e) they're really expensive.
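The local "create user" step the answer describes for CentOS, as an added example that is not part of the original posts: a planner that compares an Active Directory export with the local accounts and lists the `useradd`/`usermod` commands that hiring or dismissal would require, without running them. The LDIF sample, usernames and local-state dict are constructed, and reconciling from an export is an assumption about how the automation might be built.

```python
# Added example: plan local CentOS account changes from an AD export.
ACCOUNTDISABLE = 0x0002  # userAccountControl bit AD sets on disabled accounts

# Constructed sample data: an LDIF-style export of three directory users.
SAMPLE_LDIF = """\
dn: CN=Alice Ng,OU=Staff,DC=example,DC=com
sAMAccountName: ang
userAccountControl: 512

dn: CN=Bob Roy,OU=Staff,DC=example,DC=com
sAMAccountName: broy
userAccountControl: 514

dn: CN=Cara Diaz,OU=Staff,DC=example,DC=com
sAMAccountName: cdiaz
userAccountControl: 512
"""

# Constructed local state: username -> True if the account is already expired.
SAMPLE_LOCAL = {"broy": False, "cdiaz": False, "oldsvc": False}


def parse_ldif(text):
    """Return {sAMAccountName: enabled} from simple, unfolded LDIF records."""
    users = {}
    for record in text.strip().split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in record.splitlines() if ": " in line)
        uac = int(attrs["userAccountControl"])
        users[attrs["sAMAccountName"]] = not (uac & ACCOUNTDISABLE)
    return users


def plan(directory, local):
    """Return sorted (action, user, argv) tuples; nothing is executed here."""
    steps = []
    for user, enabled in directory.items():
        if enabled and user not in local:
            steps.append(("create", user, ["useradd", "-m", user]))
        elif not enabled and user in local and not local[user]:
            # -L locks only the password; expiring the account also blocks SSH key logins.
            steps.append(("suspend", user, ["usermod", "-L", "-e", "1", user]))
    for user in local.keys() - directory.keys():
        steps.append(("review", user, []))  # local account with no directory entry
    return sorted(steps)


if __name__ == "__main__":
    for step in plan(parse_ldif(SAMPLE_LDIF), SAMPLE_LOCAL):
        print(step)
```

The "review" entries are local accounts with no directory record, which is where accounts of dismissed employees tend to linger when only the directory is cleaned up.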